From d349681d9318e4c1bd07033298707ead4a81289c Mon Sep 17 00:00:00 2001
From: "Aliaksandr Ramanovich (EPAM)" <aliaksandr_ramanovich1@epam.com>
Date: Fri, 5 Aug 2022 08:12:30 +0000
Subject: [PATCH] Gonrg 5390 upd istio policy

---
 devops/gcp/deploy/templates/authorization-policy.yml |  4 ++++
 .../gcp/deploy/templates/request-authentication.yml  | 12 ++++++------
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/devops/gcp/deploy/templates/authorization-policy.yml b/devops/gcp/deploy/templates/authorization-policy.yml
index ba40c838c..559a1e408 100644
--- a/devops/gcp/deploy/templates/authorization-policy.yml
+++ b/devops/gcp/deploy/templates/authorization-policy.yml
@@ -74,5 +74,9 @@ spec:
     - key: request.auth.claims[email]
       values:
       - "integration-tester@service.local"
+      - "storage@service.local"
+      - "datafier@service.local"
+      - "register@service.local"
+      - "notification@service.local"
   {{- end }}
 {{- end }}
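Review bot: The four added service accounts are authorised on the `request.auth.claims[email]` value alone, and nothing visible in this hunk ties that claim to a specific issuer or principal. The rule's `from`/`when` block starts above the hunk, so this may already be handled there; if it is not, any token accepted by the RequestAuthentication that carries one of these email values would satisfy the condition. Consider adding a sibling condition next to the email match, for example `- key: request.auth.claims[iss]` with the expected realm URL in `values`, or a `requestPrincipals` entry under the rule's `source`. The new entries also sit in the same conditional block as `integration-tester@service.local`, whose `{{- if }}` condition is outside the hunk; a comment such as `# service-to-service callers; allowed because <reason>` would record whether these accounts are meant to share the test account's gate.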
diff --git a/devops/gcp/deploy/templates/request-authentication.yml b/devops/gcp/deploy/templates/request-authentication.yml
index 65cdee849..9c1b8cf06 100644
--- a/devops/gcp/deploy/templates/request-authentication.yml
+++ b/devops/gcp/deploy/templates/request-authentication.yml
@@ -9,13 +9,13 @@ spec:
     matchLabels:
       app: "{{ .Values.conf.appName }}"
   jwtRules:
-  - issuer: "https://keycloak.{{ .Values.conf.domain }}/auth/realms/{{ .Values.auth.realm }}"
-    jwksUri: "http://keycloak.{{ .Release.Namespace }}.svc.cluster.local/auth/realms/{{ .Values.auth.realm }}/protocol/openid-connect/certs"
+  - issuer: "https://keycloak.{{ .Values.conf.domain }}/realms/{{ .Values.auth.realm }}"
+    jwksUri: "http://keycloak.{{ .Release.Namespace }}.svc.cluster.local/realms/{{ .Values.auth.realm }}/protocol/openid-connect/certs"
     forwardOriginalToken: true
-  - issuer: "http://keycloak.{{ .Values.conf.domain }}/auth/realms/{{ .Values.auth.realm }}"
-    jwksUri: "http://keycloak.{{ .Release.Namespace }}.svc.cluster.local/auth/realms/{{ .Values.auth.realm }}/protocol/openid-connect/certs"
+  - issuer: "http://keycloak.{{ .Values.conf.domain }}/realms/{{ .Values.auth.realm }}"
+    jwksUri: "http://keycloak.{{ .Release.Namespace }}.svc.cluster.local/realms/{{ .Values.auth.realm }}/protocol/openid-connect/certs"
     forwardOriginalToken: true
-  - issuer: "http://keycloak.{{ .Release.Namespace }}.svc.cluster.local/auth/realms/{{ .Values.auth.realm }}"
-    jwksUri: "http://keycloak.{{ .Release.Namespace }}.svc.cluster.local/auth/realms/{{ .Values.auth.realm }}/protocol/openid-connect/certs"
+  - issuer: "http://keycloak.{{ .Release.Namespace }}.svc.cluster.local/realms/{{ .Values.auth.realm }}"
+    jwksUri: "http://keycloak.{{ .Release.Namespace }}.svc.cluster.local/realms/{{ .Values.auth.realm }}/protocol/openid-connect/certs"
     forwardOriginalToken: true
 {{- end }}
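Review bot: All three rules on the new side still fetch signing keys from `jwksUri` over plain `http://`, and two of them accept an `http://` issuer; the path change leaves both as they were. Whether mesh mTLS protects the JWKS fetch is not visible from this template, so at minimum a comment above `jwtRules:` such as `# JWKS fetched over cluster-local HTTP; relies on mesh mTLS (confirm)` would document the assumption the key trust rests on. If the external Keycloak endpoint is served only over HTTPS, the `http://keycloak.{{ .Values.conf.domain }}/realms/...` rule can be dropped so that only the issuers actually in use are trusted. Tokens minted before the switch presumably carry the old `/auth/realms/` issuer and will stop validating once this is applied, which is worth stating in the commit description or rollout notes.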
-- 
GitLab